C
C#13mo ago
Shaka

❔ Is this possible in WEBAPI to add logic between JWT token validation and the authorization?

I read a blog about the AspNetCore WebApi: https://jasonwatmore.com/post/2022/02/18/net-6-role-based-authorization-tutorial-with-example-api this sample add an User instance in HttpContext.Items after the token validation and bring it to the Authorization filter to use it. I'm trying implement this with AspNetCore internal functions(middleware, policy and requirements). but I cannot find a way to add User instance in that time. and also try to created a custom middleware but this Handler will be invoked after the authorization. 
public class CustomAuthMiddlewareResultHandler : IAuthorizationMiddlewareResultHandler
{
    private IUserService userService;

    public CustomAuthMiddlewareResultHandler(IUserService userService)
    {
        this.userService = userService;
    }
    public Task HandleAsync(RequestDelegate next, HttpContext context, AuthorizationPolicy policy, PolicyAuthorizationResult authorizeResult)
    {
        if (authorizeResult.Challenged)
        {
            context.Response.StatusCode = StatusCodes.Status401Unauthorized;
            return Task.CompletedTask; ;
        }
        var userId = int.Parse(context.User.Claims.First(x => x.Type == "id").Value);
        context.Items["User"] = userService.GetById(userId);
        next(context);
        return Task.CompletedTask;
    }
}
public class CustomAuthMiddlewareResultHandler : IAuthorizationMiddlewareResultHandler
{
    private IUserService userService;

    public CustomAuthMiddlewareResultHandler(IUserService userService)
    {
        this.userService = userService;
    }
    public Task HandleAsync(RequestDelegate next, HttpContext context, AuthorizationPolicy policy, PolicyAuthorizationResult authorizeResult)
    {
        if (authorizeResult.Challenged)
        {
            context.Response.StatusCode = StatusCodes.Status401Unauthorized;
            return Task.CompletedTask; ;
        }
        var userId = int.Parse(context.User.Claims.First(x => x.Type == "id").Value);
        context.Items["User"] = userService.GetById(userId);
        next(context);
        return Task.CompletedTask;
    }
}
Is there any handler can add some logic between JWT token validation and API authorization?
.NET 6.0 - Role Based Authorization Tutorial with Example API | Jas...
How to build an API with role based authorization / access control in .NET 6.0 & C#. Includes example client apps built with Angular, React and Vue.
36 Replies
Unknown User
Unknown User13mo ago
Message Not Public
Sign In & Join Server To View
Shaka
ShakaOP13mo ago
        context.Items["User"] = userService.GetById(userId);
        context.Items["User"] = userService.GetById(userId);
just this line
Unknown User
Unknown User13mo ago
Message Not Public
Sign In & Join Server To View
Shaka
ShakaOP13mo ago
this is the code from the sample
No description
Shaka
ShakaOP13mo ago
No description
Unknown User
Unknown User13mo ago
Message Not Public
Sign In & Join Server To View
Shaka
ShakaOP13mo ago
thanks you mean I add user info in the claims?
Unknown User
Unknown User13mo ago
Message Not Public
Sign In & Join Server To View
Shaka
ShakaOP13mo ago
such as roles the HttpContext.User>?
Unknown User
Unknown User13mo ago
Message Not Public
Sign In & Join Server To View
Shaka
ShakaOP13mo ago
could the claim store array or list?
Unknown User
Unknown User13mo ago
Message Not Public
Sign In & Join Server To View
Shaka
ShakaOP13mo ago
this interface?
No description
Unknown User
Unknown User13mo ago
Message Not Public
Sign In & Join Server To View
Shaka
ShakaOP13mo ago
so I can put the roles into claims into the token. after the token validation, I can use the HttpContext.User.Roles for authorization
Unknown User
Unknown User13mo ago
Message Not Public
Sign In & Join Server To View
Shaka
ShakaOP13mo ago
i may take time to understand that. I'm new with C# I'll try to understand that IClaims interface and find a way to query the user role with user id thanks now I find the only ways is query the user role with ID in policy requirement but I need to query the roles in each requirement class.
Unknown User
Unknown User13mo ago
Message Not Public
Sign In & Join Server To View
Shaka
ShakaOP13mo ago
yes, and I don't wanna the roles put inthe claim and return to the user I'll try this
Unknown User
Unknown User13mo ago
Message Not Public
Sign In & Join Server To View
Shaka
ShakaOP13mo ago
I agree sorry my English is not well. maybe I miss something you said
Unknown User
Unknown User13mo ago
Message Not Public
Sign In & Join Server To View
Shaka
ShakaOP13mo ago
Thanks , I implemented a custom IAuthorizationService. I made it thankks alot
Unknown User
Unknown User13mo ago
Message Not Public
Sign In & Join Server To View
Shaka
ShakaOP13mo ago
a minute
Shaka
ShakaOP13mo ago
No description
Shaka
ShakaOP13mo ago
No description
Shaka
ShakaOP13mo ago
here is the program file
Shaka
ShakaOP13mo ago
No description
Unknown User
Unknown User13mo ago
Message Not Public
Sign In & Join Server To View
Shaka
ShakaOP13mo ago
and there is another way to impl that
Shaka
ShakaOP13mo ago
No description
Shaka
ShakaOP13mo ago
the jwtbearerOption has a event that would be invoked when the token validated
Unknown User
Unknown User13mo ago
Message Not Public
Sign In & Join Server To View
Shaka
ShakaOP13mo ago
truly thanks for your comments about IAuthService
Accord
Accord13mo ago
Was this issue resolved? If so, run /close - otherwise I will mark this as stale and this post will be archived until there is new activity.
Want results from more Discord servers?
Add your server